Amendment to the Claims

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 






Listing of Claims: 
CLAIMS: 



Claim 1 (Currently Amended): A system for managing policy services in an 
organization, the organization including a first network having a first set of resources and 
a second network remote from the first network having a second set of resources, the 
system comprising:

a first edge device associated with the first network, the first edge device configured 
to manage policies for the first network and the first set of resources in 
accordance with first policy settings stored in a first database; 

a second edge device associated with the second network, the second edge device 
configured to manage policies for the second network and the second set of 
resources in accordance with second policy settings stored in a second database; 
and 

a central policy server defining the first and second policy settings and managing the 
first and second edge devices from a single location, the central policy server 
being associated with a central database storing configuration information of the 
first and second edge devices, wherein the central database is organized according 
to a hierarchical object oriented structure; 

wherein: the central policy server is configured to transmit, in response to a user 
command, a first policy settings update to the first edge device for storing in the
first database and a second policy settings update to the second edge device for 
storing in the second database.

Claim 2 (Original): The system of claim 1, wherein the first and second databases are
organized according to the hierarchical object oriented structure. 

Claim 3 (Original): The system of claim 1, wherein the configuration information 
includes the first and second policy settings. 

Claim 4 (Original): The system of claim 3, wherein the hierarchical object oriented 
structure includes a plurality of resource objects and policy objects for defining the first 
and second policy settings. 

Claim 5 (Original): The system of claim 4, wherein the central database and the first and 
second databases are Lightweight Directory Access Protocol (LDAP) databases storing 
each resource object and policy object as an LDAP entry. 

Claim 6 (Original): The system of claim 4, wherein the resource objects are selected 
from a group consisting of devices, users, hosts, services, and time. 

Claim 7 (Original): The system of claim 6, wherein the devices include the first and 
second edge devices, each device being associated with a set of users and a particular 
host. 

Claim 8 (Original): The system of claim 6, wherein the hosts include the first and 
second networks. 

Claim 9 (Original): The system of claim 4, wherein the policy objects are selected from 
a group consisting of bandwidth, firewall, administration, and virtual private network 
grouping.

Claim 10 (Original): The system of claim 9, wherein the virtual private network
grouping includes a virtual private network associated with one or more sites, users, and 
rules. 

Claim 11 (Original): The system of claim 10, wherein each site includes one or more 
networks behind an edge device. 

Claim 12 (Original): The system of claim 10, wherein the rules are firewall rules 
providing access control over network traffic flowing through the virtual private network. 

Claim 13 (Currently Amended): In a system including a first network having a first set 
of resources and a second network remote from the first network having a second set of 
resources, the first network being associated with a first edge device and a first database, 
and the second network being associated with a second edge device and a 
second database, the system further including a central policy server in communication 
with the first and second edge devices, the central policy server being associated with a 
central database, a method for managing policy services in the system comprising: 

storing configuration information of the first and second edge devices in the central
database, the central database being organized in a hierarchical object oriented
structure;

storing first policy settings in the first database;

storing second policy settings in the second database;

managing policies for the first network and the first set of resources from the first
edge device in accordance with the first policy settings stored in the first database;

managing policies for the second network and the second set of resources from the
second edge device in accordance with the second policy settings stored in the
second database; [[and]]

defining the first and second policy settings and managing the first and second edge
devices from the central policy server;

generating, by the central policy server in response to a user command, an update for
the first policy settings and an update for the second policy settings;

transmitting, by the central policy server, the update for the first policy settings to the
first edge device and the update for the second policy settings to the second edge
device; and

storing the update to the first edge device in the first database and the update to the
second edge device in the second database.

Claim 14 (Original): The method of claim 13, wherein the first and second databases are 
organized according to the hierarchical object oriented structure. 

Claim 15 (Original): The method of claim 13, wherein the configuration information 
includes the first and second policy settings. 

Claim 16 (Original): The method of claim 15, wherein the hierarchical object oriented 
structure includes a plurality of resource objects and policy objects for defining the first 
and second policy settings. 

Claim 17 (Original): The method of claim 16, wherein the central database and the first 
and second databases are Lightweight Directory Access Protocol (LDAP) databases 
storing each resource object and policy object as an LDAP entry. 

Claim 18 (Original): The method of claim 16, wherein the resource objects are selected 
from a group consisting of devices, users, hosts, services, and time. 

Claim 19 (Original): The method of claim 18, wherein the devices include the first and 
second edge devices, each device being associated with a set of users and a particular 
host. 

Claim 20 (Original): The method of claim 18, wherein the hosts include the first and 
second networks.

Claim 21 (Original): The method of claim 16, wherein the policy objects are selected
from a group consisting of bandwidth, firewall, administration, and virtual private 
network grouping. 

Claim 22 (Original): The method of claim 21, wherein the virtual private network 
grouping includes a virtual private network associated with one or more sites, users, and 
rules. 

Claim 23 (Original): The method of claim 22, wherein each site includes one or more 
networks behind an edge device. 

Claim 24 (Original): The method of claim 22, wherein the rules are firewall rules 
providing access control over network traffic flowing through the virtual private network. 